
GoldFinder Malware

Posted: March 5, 2021

The GoldFinder Malware is a very simple cyber-threat whose development and use are attributed to the cybercrime group known as Nobelium or Solarigate. Their most notorious operation is the attack on the software vendor SolarWinds, but they had previously been involved in other attack campaigns against US-based companies and individuals. The GoldFinder Malware was usually deployed alongside other notable Nobelium APT implants, such as the GoldMax Malware.

While the latter possesses features typical of backdoor Trojans, the GoldFinder Malware is far simpler. It is also written in the Go language, but its sole purpose is to track HTTP traffic from the compromised device and to watch for any out-of-place proxy servers and redirects along the way. This may allow GoldFinder Malware's operators to identify controlled environments used for malware research, since researchers might try to isolate or intercept the traffic generated by the GoldMax Malware or similar implants. In short, GoldFinder Malware is meant to make sure that GoldMax's activities stay under the radar for as long as possible.

It is likely that the GoldMax Malware will self-terminate if the GoldFinder Malware reports anything out of the ordinary. Advanced Persistent Threat (APT) groups often use multiple implants to make sure that the execution of their primary payload is not hindered, and the GoldFinder Malware appears to serve a similar purpose. All of Nobelium APT's malware is identifiable and removable with the use of updated anti-virus products.
